| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a1a18bec-e694-9a51-9d88-753baf0e6d2b@linux.dev>
Date: Fri, 18 Aug 2023 08:26:06 -0700
From: Yonghong Song <yonghong.song@...ux.dev>
To: Geliang Tang <geliang.tang@...e.com>, Alexei Starovoitov
<ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
<martin.lau@...ux.dev>, Song Liu <song@...nel.org>,
Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Florent Revest <revest@...omium.org>, Brendan Jackman
<jackmanb@...omium.org>, Matthieu Baerts <matthieu.baerts@...sares.net>,
Mat Martineau <martineau@...nel.org>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
John Johansen <john.johansen@...onical.com>, Paul Moore
<paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>, Mykola Lysenko <mykolal@...com>,
Shuah Khan <shuah@...nel.org>, Simon Horman <horms@...nel.org>
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, mptcp@...ts.linux.dev,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH bpf-next v14 1/4] bpf: Add update_socket_protocol hook
On 8/18/23 1:24 AM, Geliang Tang wrote:
> On Wed, Aug 16, 2023 at 09:11:56AM +0800, Geliang Tang wrote:
>> Add a hook named update_socket_protocol in __sys_socket(), for bpf
>> progs to attach to and update socket protocol. One user case is to
>> force legacy TCP apps to create and use MPTCP sockets instead of
>> TCP ones.
>>
>> Define a fmod_ret set named bpf_mptcp_fmodret_ids, add the hook
>> update_socket_protocol into this set, and register it in
>> bpf_mptcp_kfunc_init().
>>
>> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/79
>> Acked-by: Matthieu Baerts <matthieu.baerts@...sares.net>
>> Acked-by: Yonghong Song <yonghong.song@...ux.dev>
>> Signed-off-by: Geliang Tang <geliang.tang@...e.com>
>> ---
>> net/mptcp/bpf.c | 15 +++++++++++++++
>> net/socket.c | 26 +++++++++++++++++++++++++-
>> 2 files changed, 40 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/mptcp/bpf.c b/net/mptcp/bpf.c
>> index 5a0a84ad94af..8a16672b94e2 100644
>> --- a/net/mptcp/bpf.c
>> +++ b/net/mptcp/bpf.c
>> @@ -19,3 +19,18 @@ struct mptcp_sock *bpf_mptcp_sock_from_subflow(struct sock *sk)
>>
>> return NULL;
>> }
>> +
>> +BTF_SET8_START(bpf_mptcp_fmodret_ids)
>> +BTF_ID_FLAGS(func, update_socket_protocol)
>> +BTF_SET8_END(bpf_mptcp_fmodret_ids)
>> +
>> +static const struct btf_kfunc_id_set bpf_mptcp_fmodret_set = {
>> + .owner = THIS_MODULE,
>> + .set = &bpf_mptcp_fmodret_ids,
>> +};
>> +
>> +static int __init bpf_mptcp_kfunc_init(void)
>> +{
>> + return register_btf_fmodret_id_set(&bpf_mptcp_fmodret_set);
>> +}
>> +late_initcall(bpf_mptcp_kfunc_init);
>> diff --git a/net/socket.c b/net/socket.c
>> index 5d4e37595e9a..fdb5233bf560 100644
>> --- a/net/socket.c
>> +++ b/net/socket.c
>> @@ -1657,12 +1657,36 @@ struct file *__sys_socket_file(int family, int type, int protocol)
>> return sock_alloc_file(sock, flags, NULL);
>> }
>>
>> +/* A hook for bpf progs to attach to and update socket protocol.
>> + *
>> + * A static noinline declaration here could cause the compiler to
>> + * optimize away the function. A global noinline declaration will
>> + * keep the definition, but may optimize away the callsite.
>> + * Therefore, __weak is needed to ensure that the call is still
>> + * emitted, by telling the compiler that we don't know what the
>> + * function might eventually be.
>> + *
>> + * __diag_* below are needed to dismiss the missing prototype warning.
>> + */
>> +
>> +__diag_push();
>> +__diag_ignore_all("-Wmissing-prototypes",
>> + "A fmod_ret entry point for BPF programs");
>
> Hi Martin & Yonghong,
>
> I got a sparse warning for this new added 'update_socket_protocol':
>
> > touch net/socket.c && make C=1 net/socket.o
>
> net/socket.c:1676:21: warning: symbol 'update_socket_protocol' was not declared. Should it be static?
This is a sparse warning. Let us ignore it for now. We already have
__diag_ignore for missing prototypes in the above, but sparse won't
recognize them. Also, 'static' is conflict with '__weak' attribute,
and we cannot remove '__weak' attribute.
>
> What should I do to fix it, or should I just leave it here? Please give
> me some suggestions.
>
> Thanks,
> -Geliang
>
>> +
>> +__weak noinline int update_socket_protocol(int family, int type, int protocol)
>> +{
>> + return protocol;
>> +}
>> +
>> +__diag_pop();
>> +
>> int __sys_socket(int family, int type, int protocol)
>> {
>> struct socket *sock;
>> int flags;
>>
>> - sock = __sys_socket_create(family, type, protocol);
>> + sock = __sys_socket_create(family, type,
>> + update_socket_protocol(family, type, protocol));
>> if (IS_ERR(sock))
>> return PTR_ERR(sock);
>>
>> --
>> 2.35.3
>>
>
Powered by blists - more mailing lists